cve-2021-46760
Vulnerability from cvelistv5
Published
2023-05-09 19:01
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL can send
a malformed system call to the bootloader, which may result in an out-of-bounds
memory access that may potentially lead to an attacker leaking sensitive
information or achieving code execution.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@amd.com | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 | Vendor Advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\u003cbr\u003e" } ], "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T19:01:05.377Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" } ], "source": { "advisory": "AMD-SB-4001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46760", "datePublished": "2023-05-09T19:01:05.377Z", "dateReserved": "2022-03-31T16:50:27.869Z", "dateUpdated": "2024-08-04T05:17:42.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-46760\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2023-05-09T20:15:12.283\",\"lastModified\":\"2023-05-22T15:40:00.550\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious or compromised UApp or ABL can send\\na malformed system call to the bootloader, which may result in an out-of-bounds\\nmemory access that may potentially lead to an attacker leaking sensitive\\ninformation or achieving code execution.\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C78A967-F746-4878-920A-464568277C81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBDB6866-7C3D-4EB2-B000-F166585F4AA8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"406E8509-18D0-4A8D-AB14-E2D8627B2E32\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C59F960F-D975-4CFF-96F1-E15C1A1A89C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53E14647-F625-4801-B884-1024CFCF7A05\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB68A0C0-E575-4AA0-A312-8B1933085C19\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C274FF4-0DFF-42FF-B308-77042E558337\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB67C763-72E9-4E0D-873A-04220C3583C4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D08409-5FC5-483A-8E2A-CFF2F82170ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AAD377-B60E-4EF5-BE1F-944B19CAA02A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AE0FEBA-4C22-4DFC-8570-B4245431F266\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E682064-7B94-46F1-A906-20482941B80D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6A50495-C80D-4A9E-8332-DDB1D9A50827\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DAA0D7A-E918-419D-BC89-65AA9E136C30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3945wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1656388D-7294-4C23-A7AA-DE3698B6049F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBDB6866-7C3D-4EB2-B000-F166585F4AA8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3955wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6ABD246-26BB-4A8E-BA08-67591E715F38\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C59F960F-D975-4CFF-96F1-E15C1A1A89C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3960x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6A1905-D30E-41C3-84DB-C05BE70C110C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB68A0C0-E575-4AA0-A312-8B1933085C19\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3970x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C15B2E-9D61-44C9-876D-0EBB7B438561\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB67C763-72E9-4E0D-873A-04220C3583C4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3975wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BED390E-AA1E-424C-8D13-61D661418855\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AAD377-B60E-4EF5-BE1F-944B19CAA02A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3990x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B40AD74-67EC-4258-9073-8AFFDE743D49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E682064-7B94-46F1-A906-20482941B80D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3995wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4383AF2-38C5-4225-B058-651979423864\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DAA0D7A-E918-419D-BC89-65AA9E136C30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8694294-9D25-4435-AD3E-0135141493B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBDB6866-7C3D-4EB2-B000-F166585F4AA8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2559307C-99A8-41D0-B13F-81EF3025857D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C59F960F-D975-4CFF-96F1-E15C1A1A89C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A0295EE-CCDA-4B90-8CF2-020A90A77FF4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB68A0C0-E575-4AA0-A312-8B1933085C19\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58FD7B3B-76E4-4EA1-8567-4699B600B541\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB67C763-72E9-4E0D-873A-04220C3583C4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC69F750-D3C5-455A-AE8C-2AC089C18376\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AAD377-B60E-4EF5-BE1F-944B19CAA02A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C9F0F99-6AF5-46C4-A822-38DFE2FAD0B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E682064-7B94-46F1-A906-20482941B80D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86F7CA80-CDA0-4391-A9C1-0DEF31B08320\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DAA0D7A-E918-419D-BC89-65AA9E136C30\"}]}]}],\"references\":[{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001\",\"source\":\"psirt@amd.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.